Ransomware, Security Concerns, Target Operational Technologies
Hikvision Explains Ransomware Vulnerability, Need for Data Backups
The Security magazine article, “Rise of ransomware: Why OT is a prime target for cybercriminals,” discusses increased threats and concerns for operational technologies (OT).
OT encompasses the hardware and software that enables facilities to run, such as in factories, manufacturing facilities, and other industries.
From the article: “Cybercriminals are also leveraging ransomware to target physical hardware as well, including unsecured operational technologies (OT), which help run physical processes like that in industrial equipment or critical infrastructure. OT has become a prime target to hit because organizations typically don’t run security patches on them as frequently as they would with IT systems. Updating traditional OT systems is often viewed as a daunting task for organizations that takes extensive resources and time to achieve and can be seen as an inconvenience more than a necessity.”
Hikvision outlined ransomware in this blog. Ransomware is a diabolical form of malware that is silently installed on a computer or network. Ransomware quietly encrypts all of the files and folders on your computer, and any data on connected USB or mounted shared drives, and then uploads the decryption key to the threat actor who tricked you into installing the ransomware. You then see a screen show up on your computer that informs you that your data is encrypted and to get the key to decrypt your files, you have to pay a ransom to the threat actor. Ransoms are often hundreds or thousands of U.S. dollars and are collected in bitcoin so it’s difficult to trace.
According to the Security magazine story, OT systems pose a vulnerability that hackers can exploit. These systems could also lead to a broader threat across an organization, versus malware on a single connected device. OT ransomware can shut down large swaths of a business, forcing it to pay the ransom to gain back control of their systems and operations.